The new Apple Trojan "BlackHoleRat" sneaks itself in through OS X users' open back doors. It is currently in "beta" and its capabilities are being expanded. (Source: Sophos Labs)

One of its capabilities is to pop up fake administrator password request windows as a phishing attempt (Source: Sophos Labs)

The trojan even delivers humorous messages to users in current form. (Source: Sophos Labs)

(Source: Chris Moncus)

Malicious program still appears to be in "beta" form, unlike its Windows counterpart

Security researchers at Sophos Labs have discovered a naughty new trojan that's in the process of beta testing attack capabilities against the growing population of Mac users.

The trojan exploits open back doors in OS X to gain a good deal of access to the system. It can be transmitted through a variety of vectors, including torrent files or seemingly legitimate download programs. It could also be, in the future, delivered via the exploitation of browser flaws to perform "drive by downloads".

Once inside, the Trojan gets down to business, allowing the attacker to have their way with their Apple victim. The attacker can plant text files on the desktop, force URLs to open, run shell commands, and pop up fake password windows in a phishing attempt.

They can also force the users machine shutdown or reboot. When a reboot is forced an amusing message pops up, informing:

I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think Macs can't be infected, but look, you ARE Infected! I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it.

So, Im a very new Virus, under Development, so there will be much more functions when im finished.

The virus is a port of darkComent, a remote access trojan for Windows. The new OS X versions has been dubbed "OSX/MusMinim-A", or "MusMinim" for short, by Sophos. Its creators, however, call it BlackHoleRat.

Sophos believes its creators will likely expand its functionality now that the concept has been proven. It will likely be loaded with far nastier tricks in the future.

Despite its obscurity, Apple's poor security track record virtually ensures that Apple OS X users back doors will be open in years to come. And increasingly they may find malicious individuals looking to poke and prod their way inside.

Apple used to bundle anti-malware into .Mac subscriptions. Those went away when it became MobileMe, but they still sell anti-malware software packages at their own Apple Stores.

I don't think anyone sane denies that malware is out there. Apple certainly doesn't deny it based on the fact that they sell the software themselves. Braindead fanboys will deny it, sure, but there is no such thing as a completely secure piece of software.

Whether or not it is a credible threat is a different story though. Do you know what the biggest victim of malware was outside of Windows XP? MacOS 8 and 9.

There were far fewer MacOS users than OS X users now, yet it had way more issues with viruses. Yes, there is malware out there for OS X, but the UNIX base of OS X has done a lot to keep it safe, even if it has been poorly curated compared to Windows (which has to be vigilant, being such a giant target). I'm not freaked out over the prospect of viruses in Windows 7, it is really secure and there is elevating of user rights, etc, but I still keep NOD32 running just in case.

These stories regarding security on OS X have been running for over a decade, and I still wait for some crazy botnet that turns the millions of Macs out there into zombies that self-propagate their sickness to every other Mac out there, but it has yet to happen. Practically speaking, it still isn't an issue, and I don't know if it ever will be.